2016/04/18 : Juha Saarinen writes about the document published by the International Standards Organisation and the International Electrotechnical Commission. This document "helps organisations handle responsible...
Swiss Post official blog post refuting the rumors of their source code being "leaked" and summarizing their terms of use and vulnerability disclosure policy.
2021/08/12 : "A dispute broke out on Tuesday after cybersecurity company Rapid7 released a report about a vulnerability in a Fortinet product before the company had time to release a patch addressing the issue."
2019/02/22: Scytl statement concerning rumors of Swiss Post leaked source code. This addresses the cases of unofficial diffusion of source code and unofficial critics.
2002/03/15 : Schneier published his monthly newsletter.
This time, Schneier gives a summary of the current vulnerability disclosure issues.
"The history of the vulnerability's discovery and publication is an interesting story, and illustrates the...
2005 : "Part One of this paper explains the current state of computer (in)security and sets forth three ways to restrict publications followed by the most common arguments for and against. It then illustrates the popularity of security publication restrictions with an ...
2002/04/08 : Arne Vidstrom presents a list of the pros, cons and fake arguments on full disclosure of vulnerabilities.
This artifact is part of the Culp debate Bundle.
2008/08 : Microsoft creates the Microsoft Vulnerability Research Program (MSVR).
2021/04/15 : This Policy and Disclosure 2021 Edition shows what modifications Project Zero has made for 2021 and why, regarding vulnerability disclosure policies and their consequences for users, vendors, fellow security researchers, and software security norms...
2019/02/07: Swiss Post official post about their public intrusion test (bug bounty) on their e-voting system, summarizing their terms of use and vulnerability disclosure policy.
2018/12 : ENISA (European Union Agency for Cybersecurity) releases its Economics of Vulnerability Disclosure Report.
"Vulnerability disclosure refers to the process of identifying, reporting and patching weaknesses of software, hardware or services that can be exploited....